Office 237

Will
9 min read · May 27, 2023

The alarm blared in the Ukrainian Security Operations Center (SOC) in Kyiv as the analysts scrambled to their monitors. A red alert flashed on the screen: “Unknown USB device detected on Naftogaz network. Possible malware infection. Source: Office 237, Kharkiv branch.”

“Damn it, not again!” shouted Yuri, the SOC manager. He grabbed his headset and contacted the local IT team. “This is Yuri from the SOC. We have a USB incident at your office. Do you have eyes on Office 237?”

There was a brief silence, then a shaky voice replied. “Yuri, this is Olena. We have a problem. Office 237 belongs to Petrov, the chief accountant. I just found out that he and his team were kidnapped by masked men this morning. They took him and his laptop.”

Yuri felt a chill run down his spine. He knew what this meant. The kidnappers were likely Russian GRU hackers, working for the Kremlin. They had plugged a USB device into the host named ‘Petrov-Laptop’ to infiltrate Naftogaz, the state-owned oil and gas company that was a vital asset for Ukraine’s energy security and sovereignty.

“Olena, listen to me carefully. You need to remotely disconnect Office 237 from the network immediately. Do not touch anything else. We will send a team to investigate.”

“OK, Yuri. I’m on it.” Olena hung up and connected to Office 237, hoping it was not too late.

Meanwhile, Yuri turned to his team and gave them instructions. “Alexei, you monitor the network traffic and look for any signs of data exfiltration or lateral movement. Katya, you remotely analyze the USB device and see what kind of malware it contains. Ivan, you contact the Ukrainian cyber defense unit and request backup. We need to contain this breach before it spreads.”

The team nodded and got to work. Yuri watched them with pride but also anxiety. He knew they were up against a formidable adversary, one that had been targeting Ukraine’s critical infrastructure for years. The Russian hackers had used sophisticated techniques and tools to sabotage power grids, disrupt elections, and steal sensitive information. They had also used human intelligence and social engineering to compromise insiders and gain access to physical devices.

Yuri wondered what the hackers wanted this time. Was it to steal Naftogaz’s financial data and expose its corruption? Was it to disrupt its operations and cause a gas shortage? Was it to sabotage its pipelines and trigger an environmental disaster? Or was it something else, something more sinister?

He hoped they would find out soon, before it was too late.

Anna was working at her desk that morning in the Naftogaz office in Kharkiv when she heard a loud bang. She looked up and saw smoke and flames out the window. She grabbed her phone and ran to the door, but it was locked. She heard gunshots and screams outside.

She realized she was trapped.

She checked her phone and saw a message from Yuri, her boyfriend and chief security analyst at the Naftogaz Security Operations Center (SOC). He had sent her a link to a video call.

She clicked on it and saw his face on the screen. He looked worried and angry.

“Anna, are you OK? What’s going on?” he asked.

“Yuri, I don’t know. There’s a fire and shooting. I can’t get out of my office. What’s happening?” she cried.

“Anna, listen to me. You’re in danger. The office has been attacked by the Russian army and they’ve brought GRU hackers with them. They’ve used a USB device to infect the network with malware. They’re trying to steal Naftogaz’s data and sabotage its operations. They’ve also sent soldiers to capture some of the employees and use their laptops to access the network.”

“Yuri, that’s horrible. How do you know all this?”

“Because I’m watching it on my monitor. The SOC has detected the breach and we’re trying to stop it. But we need your help.”

“My help? How can I help?”

“Anna, you work in the IT department, right? You should have access to the network settings and the firewall. You can help us block the hackers and isolate the infected devices.”

“But Yuri, I don’t have my laptop with me. It’s in my locker.”

“Anna, you don’t need your laptop. You can use your phone. I’ll guide you through it. Trust me.”

“OK, Yuri. I trust you. What do I do?”

“First, you need to remotely connect to the network using your phone. Then, you need to open the firewall settings and change the password. Then, you need to disable the USB ports on all the devices. Then, you need to scan the network for any suspicious activity and report it to me. Can you do that?”

“I think so. But Yuri, what if the soldiers or GRU hackers find me? What if they break into my office?”

“Anna, don’t worry. I’ll protect you. I’ve contacted the Ukrainian cyber defense unit and they will contact the Ukrainian SBU troops on the ground. They’re on their way. They’ll rescue you and the others. Just stay calm and do what I say.”

“OK, Yuri. I love you.”

“I love you too, Anna. Now hurry. We don’t have much time.”

Yuri watched the network traffic on his monitor and saw a spike in data transfer. He realized the hackers were trying to exfiltrate Naftogaz’s data to their servers. He quickly typed a command to block their IP address and stop the data leak.

He breathed a sigh of relief and checked on Anna. She was still on the video call with him, following his instructions to secure the network. She looked scared but determined.

“Anna, you’re doing great. You’ve changed the firewall password and disabled the USB ports. Now you need to scan the network for any suspicious activity and report it to me. OK?”

“OK, Yuri. I’m scanning the network now. It’s taking some time.”

“Anna, don’t worry. It’s normal. Just wait for it to finish and let me know what you find.”

“OK, Yuri. I’ll let you know.”

Yuri switched to another monitor and saw a message from his colleague Katya. She had analyzed the USB device and found out what kind of malware it contained.

“Yuri, I have bad news. The USB device contains a sophisticated chain of payloads that ultimately leads to wiper malware. It’s designed to erase all the data on the infected devices and render them useless. It’s a destructive attack, not just a theft.”

“Katya, that’s terrible. How do we stop it?”

“Yuri, we can’t stop it. It’s already activated. It’s only a matter of time before it wipes out everything.”

“Katya, how much time do we have?”

“Yuri, I don’t know. Maybe minutes, maybe seconds. It depends on how fast it spreads.”

“Katya, can we isolate the infected devices?”

“Yuri, we can try, but it won’t be easy. The malware is using a worm technique to propagate itself through the network. It can jump from one device to another without any user interaction.”

“Katya, what do we do?”

“Yuri, we need to act fast. We need to identify the infected devices and disconnect them from the network. We need to save as much data as we can. We need to minimize the damage.”

“Katya, I understand. Thank you for your work. I’ll do my best.”

“Yuri, good luck. I hope we make it.”

Yuri thanked Katya and switched back to Anna. She had finished scanning the network and had a list of devices on her screen.

“Yuri, I have the scan results. There are 237 devices on the network. 57 of them are infected with the malware. They’re marked in red on the list.”

“Anna, that’s bad. We need to disconnect them from the network right now. Can you do that?”

“Yuri, I think so. There’s a button here that says ‘disconnect’. I just need to select the infected devices and click on it.”

“Anna, do it. Do it now.”

“OK, Yuri. I’m doing it.”

Anna selected the infected devices and clicked on the disconnect button. She hoped it would work.

She saw a message on her screen: “Disconnecting devices. Please wait.”

She waited.

She saw another message on her screen: “Devices disconnected. Network secured.”

She smiled.

In a panic, Anna dropped her phone and ran to the door. She tried to open it, but it was still locked. She looked around for something to break it with. She saw a fire extinguisher on the wall. She grabbed it and smashed it against the door handle.

The door handle broke and the door swung open. Anna ran out of the office and into the hallway. She saw smoke and flames everywhere. She heard gunshots and screams. She smelled blood and gasoline. She ran towards the stairs, hoping to find a way out.

While avoiding fire and debris, she prayed for survival. She reached the stairs and ran down them. She saw a sign that said “Exit”. She followed it. She reached the exit and pushed the door open. She saw daylight and fresh air. She felt relief and hope.

She ran outside and saw a group of armed men in black uniforms. They were wearing masks and helmets. They had Russian flags on their shoulders. They had guns and grenades.

They were the Russian military hacking team.

They saw her and pointed their guns at her.

She froze.

She heard a voice behind her.

“Anna, don’t move. We’re here to help.”

She turned around and saw a group of armed men in green uniforms. They were wearing badges and helmets. They had Ukrainian flags on their chests. They had guns and shields.

They were the SBU troops sent by the Ukrainian cyber defense unit. They were Yuri’s friends. They moved in front of her and formed a protective circle around her. They fired at the Russian soldiers and GRU hackers, who fired back, and a firefight ensued.

Anna ducked and covered her ears. She hoped it would end soon and that Yuri was OK. She hoped they would be together again.

The firefight lasted for several minutes. The Ukrainian troops managed to push the Russian infiltrators back and secure the area.

They rescued Anna and the other hostages and took them to a nearby helicopter. Anna got on the helicopter and sat next to a soldier. He gave her a bottle of water. He smiled reassuringly and said his name was Ivan.

“Are you OK?” he asked.

“I’m OK. Thank you for saving me,” she said.

“You’re welcome. You’re very brave. You helped us stop those soldiers and the GRU hackers.”

“I did?”

“Yes, you did. You disconnected the infected devices from the network. You prevented the hackers from wiping out all the data. You saved Naftogaz and Ukraine.”

“I did?”

“Yes, you did. You’re a hero.”

“I am?”

“Yes, you are. And so is your boyfriend Yuri.”

“Yes, Yuri was the one who contacted us and told us what was going on. He’s the one who guided you through the network settings and the firewall. He’s the one who blocked the hackers’ IP addresses and stopped the data leak. He’s the one who loves you very much.”

“He is?”

“Yes, he is. And he’s waiting for you in Kyiv.”

“He is?”

“Yes, he is. We’re taking you to him right now.”

“You are?”

“Yes, we are. Don’t worry. Everything will be OK.”

“OK.”

Anna smiled and hugged the blanket. She felt warm and safe. She arrived in Kyiv and looked out of the window. She saw Yuri walking up and felt safe.

They embraced like never before. They thought they were going to lose each other and could not believe what a day it had been.

Fin.
